PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
   security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

-- IMPORTS NONE --

-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
-- and required by this specification
-- (Commented out for krb5 source tree)

-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
   -- UniversalString is defined in ASN.1:1993

-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
   -- BMPString is the subtype of UniversalString and models
   -- the Basic Multilingual Plane of ISO/IEC 10646

--UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
   -- The content of this type conforms to RFC 3629.

-- PKIX specific OIDs

id-pkix OBJECT IDENTIFIER ::=
   { iso(1) identified-organization(3) dod(6) internet(1)
     security(5) mechanisms(5) pkix(7) }

-- PKIX arcs

id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
   -- arc for private certificate extensions
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
   -- arc for policy qualifier types
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
   -- arc for extended key purpose OIDS
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
   -- arc for access descriptors

-- policyQualifierIds for Internet policy qualifiers

id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
   -- OID for CPS qualifier
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
   -- OID for user notice qualifier

-- access descriptor definitions

id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }

-- attribute data types

Attribute ::= SEQUENCE {
   type AttributeType,
   values SET OF AttributeValue }
   -- at least one value is required

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY -- DEFINED BY AttributeType

AttributeTypeAndValue ::= SEQUENCE {
   type AttributeType,
   value AttributeValue }

-- suggested naming attributes: Definition of the following
-- information object set may be augmented to meet local
-- requirements. Note that deleting members of the set may
-- prevent interoperability with conforming implementations.
-- presented in pairs: the AttributeType followed by the
-- type definition for the corresponding AttributeValue

-- Arc for standard naming attributes

id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

-- Naming attributes of type X520name

id-at-name AttributeType ::= { id-at 41 }
id-at-surname AttributeType ::= { id-at 4 }
id-at-givenName AttributeType ::= { id-at 42 }
id-at-initials AttributeType ::= { id-at 43 }
id-at-generationQualifier AttributeType ::= { id-at 44 }

-- Naming attributes of type X520Name:
-- X520name ::= DirectoryString (SIZE (1..ub-name))
--
-- Expanded to avoid parameterized type:
X520name ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-name)),
   printableString PrintableString (SIZE (1..ub-name)),
   universalString UniversalString (SIZE (1..ub-name)),
   utf8String UTF8String (SIZE (1..ub-name)),
   bmpString BMPString (SIZE (1..ub-name)) }

-- Naming attributes of type X520CommonName

id-at-commonName AttributeType ::= { id-at 3 }

-- Naming attributes of type X520CommonName:
-- X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))
--
-- Expanded to avoid parameterized type:
X520CommonName ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-common-name)),
   printableString PrintableString (SIZE (1..ub-common-name)),
   universalString UniversalString (SIZE (1..ub-common-name)),
   utf8String UTF8String (SIZE (1..ub-common-name)),
   bmpString BMPString (SIZE (1..ub-common-name)) }

-- Naming attributes of type X520LocalityName

id-at-localityName AttributeType ::= { id-at 7 }

-- Naming attributes of type X520LocalityName:
-- X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
--
-- Expanded to avoid parameterized type:
X520LocalityName ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-locality-name)),
   printableString PrintableString (SIZE (1..ub-locality-name)),
   universalString UniversalString (SIZE (1..ub-locality-name)),
   utf8String UTF8String (SIZE (1..ub-locality-name)),
   bmpString BMPString (SIZE (1..ub-locality-name)) }

-- Naming attributes of type X520StateOrProvinceName

id-at-stateOrProvinceName AttributeType ::= { id-at 8 }

-- Naming attributes of type X520StateOrProvinceName:
-- X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
--
-- Expanded to avoid parameterized type:
X520StateOrProvinceName ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-state-name)),
   printableString PrintableString (SIZE (1..ub-state-name)),
   universalString UniversalString (SIZE (1..ub-state-name)),
   utf8String UTF8String (SIZE (1..ub-state-name)),
   bmpString BMPString (SIZE (1..ub-state-name)) }

-- Naming attributes of type X520OrganizationName

id-at-organizationName AttributeType ::= { id-at 10 }

-- Naming attributes of type X520OrganizationName:
-- X520OrganizationName ::=
-- DirectoryName (SIZE (1..ub-organization-name))
--
-- Expanded to avoid parameterized type:
X520OrganizationName ::= CHOICE {
   teletexString TeletexString
      (SIZE (1..ub-organization-name)),
   printableString PrintableString
      (SIZE (1..ub-organization-name)),
   universalString UniversalString
      (SIZE (1..ub-organization-name)),
   utf8String UTF8String
      (SIZE (1..ub-organization-name)),
   bmpString BMPString
      (SIZE (1..ub-organization-name)) }

-- Naming attributes of type X520OrganizationalUnitName

id-at-organizationalUnitName AttributeType ::= { id-at 11 }

-- Naming attributes of type X520OrganizationalUnitName:
-- X520OrganizationalUnitName ::=
-- DirectoryName (SIZE (1..ub-organizational-unit-name))
--
-- Expanded to avoid parameterized type:
X520OrganizationalUnitName ::= CHOICE {
   teletexString TeletexString
      (SIZE (1..ub-organizational-unit-name)),
   printableString PrintableString
      (SIZE (1..ub-organizational-unit-name)),
   universalString UniversalString
      (SIZE (1..ub-organizational-unit-name)),
   utf8String UTF8String
      (SIZE (1..ub-organizational-unit-name)),
   bmpString BMPString
      (SIZE (1..ub-organizational-unit-name)) }

-- Naming attributes of type X520Title

id-at-title AttributeType ::= { id-at 12 }

-- Naming attributes of type X520Title:
-- X520Title ::= DirectoryName (SIZE (1..ub-title))
--
-- Expanded to avoid parameterized type:
X520Title ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-title)),
   printableString PrintableString (SIZE (1..ub-title)),
   universalString UniversalString (SIZE (1..ub-title)),
   utf8String UTF8String (SIZE (1..ub-title)),
   bmpString BMPString (SIZE (1..ub-title)) }

-- Naming attributes of type X520dnQualifier

id-at-dnQualifier AttributeType ::= { id-at 46 }

X520dnQualifier ::= PrintableString

-- Naming attributes of type X520countryName (digraph from IS 3166)

id-at-countryName AttributeType ::= { id-at 6 }

X520countryName ::= PrintableString (SIZE (2))

-- Naming attributes of type X520SerialNumber

id-at-serialNumber AttributeType ::= { id-at 5 }

X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))

-- Naming attributes of type X520Pseudonym

id-at-pseudonym AttributeType ::= { id-at 65 }

-- Naming attributes of type X520Pseudonym:
-- X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym))
--
-- Expanded to avoid parameterized type:
X520Pseudonym ::= CHOICE {
   teletexString TeletexString (SIZE (1..ub-pseudonym)),
   printableString PrintableString (SIZE (1..ub-pseudonym)),
   universalString UniversalString (SIZE (1..ub-pseudonym)),
   utf8String UTF8String (SIZE (1..ub-pseudonym)),
   bmpString BMPString (SIZE (1..ub-pseudonym)) }

-- Naming attributes of type DomainComponent (from RFC 4519)

id-domainComponent AttributeType ::= { 0 9 2342 19200300 100 1 25 }

DomainComponent ::= IA5String

-- Legacy attributes

pkcs-9 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }

id-emailAddress AttributeType ::= { pkcs-9 1 }

EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))

-- naming data types --

Name ::= CHOICE { -- only one possibility for now --
   rdnSequence RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

DistinguishedName ::= RDNSequence

RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue

-- Directory string type --

DirectoryString ::= CHOICE {
   teletexString TeletexString (SIZE (1..MAX)),
   printableString PrintableString (SIZE (1..MAX)),
   universalString UniversalString (SIZE (1..MAX)),
   utf8String UTF8String (SIZE (1..MAX)),
   bmpString BMPString (SIZE (1..MAX)) }

-- certificate and CRL specific structures begin here

Certificate ::= SEQUENCE {
   tbsCertificate TBSCertificate,
   signatureAlgorithm AlgorithmIdentifier,
   signature BIT STRING }

TBSCertificate ::= SEQUENCE {
   version [0] Version DEFAULT v1,
   serialNumber CertificateSerialNumber,
   signature AlgorithmIdentifier,
   issuer Name,
   validity Validity,
   subject Name,
   subjectPublicKeyInfo SubjectPublicKeyInfo,
   issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
      -- If present, version MUST be v2 or v3
   subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
      -- If present, version MUST be v2 or v3
   extensions [3] Extensions OPTIONAL
      -- If present, version MUST be v3 -- }

Version ::= INTEGER { v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
   notBefore Time,
   notAfter Time }

Time ::= CHOICE {
   utcTime UTCTime,
   generalTime GeneralizedTime }

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
   algorithm AlgorithmIdentifier,
   subjectPublicKey BIT STRING }

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE {
   extnID OBJECT IDENTIFIER,
   critical BOOLEAN DEFAULT FALSE,
   extnValue OCTET STRING
      -- contains the DER encoding of an ASN.1 value
      -- corresponding to the extension type identified
      -- by extnID
   }

-- CRL structures

CertificateList ::= SEQUENCE {
   tbsCertList TBSCertList,
   signatureAlgorithm AlgorithmIdentifier,
   signature BIT STRING }

TBSCertList ::= SEQUENCE {
   version Version OPTIONAL,
      -- if present, MUST be v2
   signature AlgorithmIdentifier,
   issuer Name,
   thisUpdate Time,
   nextUpdate Time OPTIONAL,
   revokedCertificates SEQUENCE OF SEQUENCE {
      userCertificate CertificateSerialNumber,
      revocationDate Time,
      crlEntryExtensions Extensions OPTIONAL
         -- if present, version MUST be v2
      } OPTIONAL,
   crlExtensions [0] Extensions OPTIONAL }
      -- if present, version MUST be v2

-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure

AlgorithmIdentifier ::= SEQUENCE {
   algorithm OBJECT IDENTIFIER,
   parameters ANY DEFINED BY algorithm OPTIONAL }
      -- contains a value of the type
      -- registered for use with the
      -- algorithm object identifier value

-- X.400 address syntax starts here

ORAddress ::= SEQUENCE {
   built-in-standard-attributes BuiltInStandardAttributes,
   built-in-domain-defined-attributes
      BuiltInDomainDefinedAttributes OPTIONAL,
   -- see also teletex-domain-defined-attributes
   extension-attributes ExtensionAttributes OPTIONAL }

-- Built-in Standard Attributes

BuiltInStandardAttributes ::= SEQUENCE {
   country-name CountryName OPTIONAL,
   administration-domain-name AdministrationDomainName OPTIONAL,
   network-address [0] IMPLICIT NetworkAddress OPTIONAL,
      -- see also extended-network-address
   terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL,
   private-domain-name [2] PrivateDomainName OPTIONAL,
   organization-name [3] IMPLICIT OrganizationName OPTIONAL,
      -- see also teletex-organization-name
   numeric-user-identifier [4] IMPLICIT NumericUserIdentifier
      OPTIONAL,
   personal-name [5] IMPLICIT PersonalName OPTIONAL,
      -- see also teletex-personal-name
   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
      OPTIONAL }
      -- see also teletex-organizational-unit-names

CountryName ::= [APPLICATION 1] CHOICE {
   x121-dcc-code NumericString
      (SIZE (ub-country-name-numeric-length)),
   iso-3166-alpha2-code PrintableString
      (SIZE (ub-country-name-alpha-length)) }

AdministrationDomainName ::= [APPLICATION 2] CHOICE {
   numeric NumericString (SIZE (0..ub-domain-name-length)),
   printable PrintableString (SIZE (0..ub-domain-name-length)) }

NetworkAddress ::= X121Address -- see also extended-network-address

X121Address ::= NumericString (SIZE (1..ub-x121-address-length))

TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))

PrivateDomainName ::= CHOICE {
   numeric NumericString (SIZE (1..ub-domain-name-length)),
   printable PrintableString (SIZE (1..ub-domain-name-length)) }

OrganizationName ::= PrintableString
   (SIZE (1..ub-organization-name-length))
   -- see also teletex-organization-name

NumericUserIdentifier ::= NumericString
   (SIZE (1..ub-numeric-user-id-length))

PersonalName ::= SET {
   surname [0] IMPLICIT PrintableString
      (SIZE (1..ub-surname-length)),
   given-name [1] IMPLICIT PrintableString
      (SIZE (1..ub-given-name-length)) OPTIONAL,
   initials [2] IMPLICIT PrintableString
      (SIZE (1..ub-initials-length)) OPTIONAL,
   generation-qualifier [3] IMPLICIT PrintableString
      (SIZE (1..ub-generation-qualifier-length))
      OPTIONAL }
   -- see also teletex-personal-name

OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
   OF OrganizationalUnitName
   -- see also teletex-organizational-unit-names

OrganizationalUnitName ::= PrintableString (SIZE
   (1..ub-organizational-unit-name-length))

-- Built-in Domain-defined Attributes

BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
   (1..ub-domain-defined-attributes) OF
   BuiltInDomainDefinedAttribute

BuiltInDomainDefinedAttribute ::= SEQUENCE {
   type PrintableString (SIZE
      (1..ub-domain-defined-attribute-type-length)),
   value PrintableString (SIZE
      (1..ub-domain-defined-attribute-value-length)) }

-- Extension Attributes

ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
   ExtensionAttribute

ExtensionAttribute ::= SEQUENCE {
   extension-attribute-type [0] IMPLICIT INTEGER
      (0..ub-extension-attributes),
   extension-attribute-value [1]
      ANY DEFINED BY extension-attribute-type }

-- Extension types and attribute values

common-name INTEGER ::= 1

CommonName ::= PrintableString (SIZE (1..ub-common-name-length))

teletex-common-name INTEGER ::= 2

TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))

teletex-organization-name INTEGER ::= 3

TeletexOrganizationName ::=
   TeletexString (SIZE (1..ub-organization-name-length))

teletex-personal-name INTEGER ::= 4

TeletexPersonalName ::= SET {
   surname [0] IMPLICIT TeletexString
      (SIZE (1..ub-surname-length)),
   given-name [1] IMPLICIT TeletexString
      (SIZE (1..ub-given-name-length)) OPTIONAL,
   initials [2] IMPLICIT TeletexString
      (SIZE (1..ub-initials-length)) OPTIONAL,
   generation-qualifier [3] IMPLICIT TeletexString
      (SIZE (1..ub-generation-qualifier-length))
      OPTIONAL }

teletex-organizational-unit-names INTEGER ::= 5

TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
   (1..ub-organizational-units) OF TeletexOrganizationalUnitName

TeletexOrganizationalUnitName ::= TeletexString
   (SIZE (1..ub-organizational-unit-name-length))

pds-name INTEGER ::= 7

PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))

physical-delivery-country-name INTEGER ::= 8

PhysicalDeliveryCountryName ::= CHOICE {
   x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
   iso-3166-alpha2-code PrintableString
      (SIZE (ub-country-name-alpha-length)) }

postal-code INTEGER ::= 9

PostalCode ::= CHOICE {
   numeric-code NumericString (SIZE (1..ub-postal-code-length)),
   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }

physical-delivery-office-name INTEGER ::= 10
PhysicalDeliveryOfficeName ::= PDSParameter

physical-delivery-office-number INTEGER ::= 11

PhysicalDeliveryOfficeNumber ::= PDSParameter

extension-OR-address-components INTEGER ::= 12

ExtensionORAddressComponents ::= PDSParameter

physical-delivery-personal-name INTEGER ::= 13

PhysicalDeliveryPersonalName ::= PDSParameter

physical-delivery-organization-name INTEGER ::= 14

PhysicalDeliveryOrganizationName ::= PDSParameter

extension-physical-delivery-address-components INTEGER ::= 15

ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter

unformatted-postal-address INTEGER ::= 16

UnformattedPostalAddress ::= SET {
   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
      OF PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
   teletex-string TeletexString
      (SIZE (1..ub-unformatted-address-length)) OPTIONAL }

street-address INTEGER ::= 17

StreetAddress ::= PDSParameter

post-office-box-address INTEGER ::= 18

PostOfficeBoxAddress ::= PDSParameter

poste-restante-address INTEGER ::= 19

PosteRestanteAddress ::= PDSParameter

unique-postal-name INTEGER ::= 20

UniquePostalName ::= PDSParameter

local-postal-attributes INTEGER ::= 21

LocalPostalAttributes ::= PDSParameter

PDSParameter ::= SET {
   printable-string PrintableString
      (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
   teletex-string TeletexString
      (SIZE(1..ub-pds-parameter-length)) OPTIONAL }

extended-network-address INTEGER ::= 22

ExtendedNetworkAddress ::= CHOICE {
   e163-4-address SEQUENCE {
      number [0] IMPLICIT NumericString
         (SIZE (1..ub-e163-4-number-length)),
      sub-address [1] IMPLICIT NumericString
         (SIZE (1..ub-e163-4-sub-address-length))
         OPTIONAL },
   psap-address [0] IMPLICIT PresentationAddress }

PresentationAddress ::= SEQUENCE {
   pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
   sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
   tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
   nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }

terminal-type INTEGER ::= 23

TerminalType ::= INTEGER {
   telex (3),
   teletex (4),
   g3-facsimile (5),
   g4-facsimile (6),
   ia5-terminal (7),
   videotex (8) } (0..ub-integer-options)

-- Extension Domain-defined Attributes

teletex-domain-defined-attributes INTEGER ::= 6

TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute

TeletexDomainDefinedAttribute ::= SEQUENCE {
   type TeletexString
      (SIZE (1..ub-domain-defined-attribute-type-length)),
   value TeletexString
      (SIZE (1..ub-domain-defined-attribute-value-length)) }

-- specifications of Upper Bounds MUST be regarded as mandatory
-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
-- Upper Bounds

-- Upper Bounds
ub-name INTEGER ::= 32768
ub-common-name INTEGER ::= 64
ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
ub-title INTEGER ::= 64
ub-serial-number INTEGER ::= 64
ub-match INTEGER ::= 128
ub-emailaddress-length INTEGER ::= 255
ub-common-name-length INTEGER ::= 64
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-extension-attributes INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-pseudonym INTEGER ::= 128
ub-surname-length INTEGER ::= 40
ub-terminal-id-length INTEGER ::= 24
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16

-- Note - upper bounds on string types, such as TeletexString, are
-- measured in characters. Excepting PrintableString or IA5String, a
-- significantly greater number of octets will be required to hold
-- such a value. As a minimum, 16 octets, or twice the specified
-- upper bound, whichever is the larger, should be allowed for
-- TeletexString. For UTF8String or UniversalString at least four
-- times the upper bound should be allowed.

END